Just upgraded to Firefox Beta 38.0.5 today, 5/13/2015. Now all URLs get changed from http to https.
This seems to be a new to me issue of something reported several times before. It happened after upgrading to the latest Beta of Firefox, 38.0.5, and may actually be two problems. (1) I cannot access any new websites such as Google with http. Some sites allow me to add an exception to continue, but most, like Google, result in these error msgs: "The certificate is not trusted because the issuer certificate is unknown." and then "This site uses HTTP Strict Transport Security (HSTS) to specify that Firefox only connect to it securely. As a result, it is not possible to add an exception for this certificate." I have tried deleting history/cookies/cache, tried safe mode, changed the "browser,url.autofill" to "false" in about:config. Some of the tabs that were previously open before [the upgrade] allow me to continue, but if I close the tab and then try to reach that same URL, the http is changed to https; I can sometimes continue by creating an exception for the certificate.
(2) In researching the above problem, I found the received Google certificate is listed as being issued by Sendori of Oakland, CA, but Sendori is not listed in the "BuiltInCAs" database as of 3/2/2015, shipped with Mozilla software products, per "https://wiki.mozilla.org/CA:IncludedCAs". MS IE.v11 (which I'm using now) accepts and confirms the certificate for Google is issued by Sendori, and is valid 4/21/2015 to 7/6/2015. Is there a way to import credentials for this issuer into Firefox?
I've tried just about everything I've found in other items re autofill, http to https changes, and even some older items re a Sendori addon/extension. Would sure appreciate some help on this...
Modificado por iamgeorge a
Todas as respostas (4)
hi george, sendori is a software that could be called an unwanted program bordering on malware - it intercepts all encrypted connections like a man-in-the-middle attack, so you certainly wouldn't want to have it in your browser's trust store.
please proceed like this:
- reset firefox (this will keep your bookmarks and passwords)
- also go to the windows control panel / programs and remove all toolbars or potentially unwanted software from there.
- finally run a full scan of your system with different security tools like the free version of malwarebytes and adwcleaner to make sure that adware isn't present in other places of your system as well.
Did all that, no-go. I have 2 distinct problems: (1) I cannot enter "http" anymore, always changed by Firefox to "https". This leads to errors when accessing websites/pages that don't have cert's. Have tried all forum articles I've found to get rid of "autofill", history, cache, cookies, to no avail; cannot enter "http". (2) Somehow, Sendori is listed as the issuing CA for the sites that do have cert's, including Google and even support.mozilla.org. I can access these thru IE v11, verified that Sendori is shown is the CA for them there too, but presumably is listed in one of the Trusted CA stores, root, machine or local. I've verified that it is not listed in Mozilla's "BuiltInCAs" database as of 3/2/2015, so I cannot use Firefox. I have virus scanned my pc, run Firefox in safe mode, nothing worked. Also did search for "Sendori" in Control Panel programs,nada. Did hard disk search, found a small sendori.xml file in IE's "appdata...DOMstore" Used Regedit, found entries for Sendori in DOMStorage, TypedURLs, and Eventlog/Application. None seemed to me to be an issue or explanation for probs I'm having. If I've got malware that's intercepting a real SSL cert and changing to Sendori, I haven't been able to find it.
Followed all the instructions. None of the steps or the three tools found anything named sendori, but when all was done, the webpages I've visited so far now show their cert's as coming from the correct CA and pass authentication. I still have all my manually typed "http" changed to "https", similar to the old "HTTPS Everywhere" add-on, but appears to no longer to cause me an issue with the sendori virus[?] now gone.
THANK YOU for responding and providing the link !!!